Sunday, April 18, 2010

23. Kerberos

Kerberos is a cross-platform authentication protocol that provides mutual authentication of users and services over an untrusted network. Kerberos v5 (RFC 4120) is the current version of the protocol. Once a session key has been established, the protocol can also protect the integrity (and, optionally, the confidentiality) of application data as it is transmitted over the network. It is the default authentication protocol in Windows Active Directory domains and is also supported by other major operating systems and platforms, such as Unix/Linux and Cisco IOS. The authentication exchange itself is the same in all of these environments.

The Kerberos protocol is built upon symmetric-key cryptography and requires a trusted third party. That third party is the Key Distribution Center (KDC), usually a network server (in a Windows domain, every domain controller), which issues session keys and encrypted tickets used to authenticate a user or a service. Every ticket carries a timestamp and a lifetime and expires when that lifetime runs out; it does not expire when the user logs off, although logging off normally destroys the locally cached tickets. The following steps complete the authentication process:
1. The client authenticates to the KDC's Authentication Service (the AS exchange) using its credentials: username and password, smart card, or biometrics. With a password, the secret itself is never sent over the network; a long-term key derived from the password encrypts a timestamp (pre-authentication) and decrypts the KDC's reply.
2. The KDC issues a Ticket Granting Ticket (TGT) together with a session key. The TGT is encrypted with the KDC's own key, so the client can neither read nor alter it. The TGT is cached locally (on Windows the ticket cache belongs to the logon session) and is reused for the rest of its lifetime, 10 hours by default in Active Directory, whenever the client needs another ticket.
3. When the client needs to access a resource server, it presents the cached TGT, plus an authenticator encrypted with the session key, to the KDC's Ticket-Granting Service (the TGS exchange). The KDC returns a service ticket (also called a session ticket), encrypted with the resource server's long-term key, along with a new session key shared between the client and that server.
4. The client presents the service ticket and a fresh authenticator to the resource server (the AP exchange). The server decrypts the ticket with its own key, verifies the authenticator, and grants the client access to its resources; it never needs to contact the KDC to do so.

The TGT remains valid until its lifetime expires, regardless of how long the session stays active. Kerberos is heavily dependent on synchronization of clocks between clients, servers and the KDC: every authenticator carries a timestamp, and by default a server rejects any authenticator whose timestamp differs from its own clock by more than 5 minutes (the KRB_AP_ERR_SKEW error). Session tickets granted by the KDC must likewise be presented to the server within their validity period; otherwise, they are rejected.
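To make the four steps and the clock-skew rule concrete, here is a small Python model of the exchange. It is an added illustration, not code from the original post or from any Kerberos implementation: a toy authenticated cipher built from HMAC stands in for the real Kerberos encryption types, PBKDF2 stands in for string2key, and the 5-minute skew window and 10-hour ticket lifetime are assumed defaults. The realm EXAMPLE.COM, the user alice, the service name cifs/fs1.example.com and all function and class names are invented for the example.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW, TICKET_LIFETIME = 300, 10 * 3600  # assumed defaults: 5-minute skew window, 10-hour ticket life

def derive_key(password, salt):
    """Long-term key from a password; stand-in for Kerberos string2key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000, 32)

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(-(-n // 32)))[:n]

def encrypt(key, obj):
    """Toy authenticated encryption (HMAC keystream + HMAC tag); NOT a real Kerberos etype."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_skew(ts, now):
    if abs(now - ts) > MAX_SKEW:
        raise ValueError("clock skew too great")

def open_ticket(key, ticket, enc_auth, now):
    """Server-side check shared by the TGS and a service: open the ticket with the server's own key, verify lifetime and authenticator."""
    t = decrypt(key, bytes.fromhex(ticket))
    if now > t["end"]:
        raise ValueError("ticket expired")
    auth = decrypt(bytes.fromhex(t["key"]), enc_auth)  # only the session-key holder can have built this
    if auth["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    check_skew(auth["timestamp"], now)
    return t

class KDC:  # Authentication Service (AS) and Ticket-Granting Service (TGS) over one principal database
    def __init__(self, realm):
        self.realm = realm
        self.keys = {"krbtgt": os.urandom(32)}  # seals every TGT; known only to the KDC

    def register(self, name, password):
        self.keys[name] = derive_key(password, self.realm + name)

    def as_exchange(self, client, enc_preauth, now):
        # Steps 1-2: a timestamp that decrypts under the client's key proves knowledge of the password
        ckey = self.keys[client]
        check_skew(decrypt(ckey, enc_preauth)["timestamp"], now)
        skey, end = os.urandom(32), now + TICKET_LIFETIME
        tgt = encrypt(self.keys["krbtgt"], {"client": client, "key": skey.hex(), "end": end})
        return encrypt(ckey, {"key": skey.hex(), "tgt": tgt.hex(), "end": end})

    def tgs_exchange(self, tgt, enc_auth, service, now):
        # Step 3: the TGT is opened with the krbtgt key; the new ticket is sealed with the service's key
        t = open_ticket(self.keys["krbtgt"], tgt, enc_auth, now)
        skey, end = os.urandom(32), min(t["end"], now + TICKET_LIFETIME)
        ticket = encrypt(self.keys[service], {"client": t["client"], "key": skey.hex(), "end": end})
        return encrypt(bytes.fromhex(t["key"]), {"key": skey.hex(), "ticket": ticket.hex(), "end": end})

def ap_exchange(service_key, ticket, enc_auth, now):
    # Step 4, resource server side: its own key opens the ticket; no round trip to the KDC is needed
    return open_ticket(service_key, ticket, enc_auth, now)["client"]

class Client:
    def __init__(self, name, password, kdc):
        self.name, self.kdc = name, kdc
        self.key = derive_key(password, kdc.realm + name)  # the password itself never goes on the wire

    def _authenticator(self, key, ts):
        return encrypt(key, {"client": self.name, "timestamp": ts})

    def login(self, now):
        rep = decrypt(self.key, self.kdc.as_exchange(self.name, encrypt(self.key, {"timestamp": now}), now))
        self.tgt, self.tgs_key = rep["tgt"], bytes.fromhex(rep["key"])  # cached for the TGT's lifetime

    def ap_request(self, service, now, clock_offset=0):
        # Step 3, then the client half of step 4; clock_offset models a client whose clock is off
        rep = decrypt(self.tgs_key, self.kdc.tgs_exchange(self.tgt, self._authenticator(self.tgs_key, now), service, now))
        return rep["ticket"], self._authenticator(bytes.fromhex(rep["key"]), now + clock_offset)

def run_demo(password="correct horse battery staple", clock_offset=0):
    """AS -> TGS -> AP for user alice; returns the authenticated principal, or the reason for refusal."""
    now = time.time()
    kdc = KDC("EXAMPLE.COM")
    kdc.register("alice", "correct horse battery staple")
    kdc.keys["cifs/fs1.example.com"] = fs_key = os.urandom(32)  # service key: in the KDC database and the server's keytab
    alice = Client("alice", password, kdc)  # a wrong password gives a wrong key, so the AS reply will not open
    try:
        alice.login(now)
        return ap_exchange(fs_key, *alice.ap_request("cifs/fs1.example.com", now, clock_offset), now)
    except ValueError as e:
        return "rejected: " + str(e)
```

Two things the model makes visible that the prose only states: the client's password never leaves the client (a wrong password simply fails to open the AS reply, which is what run_demo("wrong") reports), and the resource server authenticates the client from the ticket and its own key alone, refusing an authenticator whose timestamp is more than MAX_SKEW seconds away from its own clock, which is exactly how a drifted client clock shows up in practice.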
